AppSettings Complete Reference¶
Home → Documentation → Reference → AppSettings Reference
Complete reference for all appsettings.json configuration options in Cesivi Server.
Table of Contents¶
- Quick Start
- Core Settings
- Storage Configuration
- Identity Providers
- Cache Configuration
- Session Management
- Authentication (Legacy)
- Kestrel/SSL Settings
- Logging
- Plugins
- Complete Example
Quick Start¶
Minimal configuration to get started:
{
"Cesivi": {
"DataRootPath": "./MockData",
"HttpPort": 5000
}
}
Core Settings¶
{
"Cesivi": {
"DataRootPath": "./MockData",
"LogPath": "./MockData/Logs/Server",
"HostName": "localhost",
"UseHttps": false,
"HttpPort": 5000,
"HttpsPort": 5001
}
}
| Option | Type | Default | Description |
|---|---|---|---|
DataRootPath |
string | ./MockData |
Root path for all SharePoint data storage |
LogPath |
string | ./MockData/Logs/Server |
Path for server log files |
HostName |
string | localhost |
Server hostname for URL generation |
UseHttps |
bool | false |
Enable HTTPS |
HttpPort |
int | 5000 |
HTTP port |
HttpsPort |
int | 5001 |
HTTPS port |
Environment Variable Overrides:
Cesivi__DataRootPath=/var/data/sharepoint
Cesivi__HttpPort=8080
Storage Configuration¶
{
"Cesivi": {
"StorageProvider": "FileSystem",
"SqlitePath": "./Data/sharepoint.db",
"LiteDbPath": "./Data/sharepoint.litedb",
"SearchEngine": "TfIdf"
}
}
| Option | Type | Default | Description |
|---|---|---|---|
StorageProvider |
string | FileSystem |
Storage backend: FileSystem, InMemory, Sqlite, LiteDb |
SqlitePath |
string | "" |
SQLite database file path (when using Sqlite provider) |
LiteDbPath |
string | "" |
LiteDB database file path (when using LiteDb provider) |
SearchEngine |
string | TfIdf |
Search engine implementation |
See: Storage Providers Guide for detailed provider documentation.
Identity Providers¶
The Identity system supports multiple authentication providers with priority-based selection.
Overview¶
{
"Cesivi": {
"Identity": {
"Providers": {
"OAuth2": { ... },
"NTLM": { ... },
"AcceptAll": { ... }
}
}
}
}
OAuth2/OIDC Provider¶
{
"Cesivi": {
"Identity": {
"Providers": {
"OAuth2": {
"Enabled": false,
"Priority": 50,
"Authority": "https://login.microsoftonline.com/{tenant-id}/v2.0",
"Audience": "api://cesivi",
"ValidateIssuer": true,
"ValidateAudience": true,
"ValidateLifetime": true,
"ValidIssuers": [],
"ClockSkewMinutes": 5,
"ClaimMappings": {
"Username": "preferred_username",
"Email": "email",
"DisplayName": "name"
}
}
}
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
Enabled |
bool | false |
Enable OAuth2 provider |
Priority |
int | 50 |
Provider priority (lower = higher priority) |
Authority |
string | required | OIDC authority URL (e.g., Azure AD tenant URL) |
Audience |
string | required | Expected token audience |
ValidateIssuer |
bool | true |
Validate token issuer |
ValidateAudience |
bool | true |
Validate token audience |
ValidateLifetime |
bool | true |
Validate token expiration |
ValidIssuers |
string[] | [] |
Additional valid issuers (empty = use Authority) |
ClockSkewMinutes |
int | 5 |
Allowed clock skew for token validation |
ClaimMappings.Username |
string | preferred_username |
Claim for username |
ClaimMappings.Email |
string | email |
Claim for email |
ClaimMappings.DisplayName |
string | name |
Claim for display name |
See: OAuth2 Setup Guide
NTLM Provider¶
Configuration-Based Backend (Default)¶
{
"Cesivi": {
"Identity": {
"Providers": {
"NTLM": {
"Enabled": true,
"Priority": 100,
"Backend": "Configuration",
"Users": [
{
"Username": "administrator",
"Domain": "SHAREPOINT",
"DisplayName": "SharePoint Administrator",
"Email": "admin@sharepoint.local",
"Groups": ["Administrators", "Site Owners"]
},
{
"Username": "testuser",
"Domain": "CONTOSO",
"DisplayName": "Test User",
"Email": "testuser@contoso.com",
"Groups": ["Users", "Contributors"]
}
]
}
}
}
}
}
Active Directory Backend¶
{
"Cesivi": {
"Identity": {
"Providers": {
"NTLM": {
"Enabled": true,
"Priority": 100,
"Backend": "ActiveDirectory",
"ActiveDirectory": {
"Server": "ldap://dc.contoso.com",
"BaseDN": "DC=contoso,DC=com",
"ServiceAccount": "CN=svc_spm,OU=ServiceAccounts,DC=contoso,DC=com",
"ServiceAccountPassword": "your-password",
"UserSearchFilter": "(sAMAccountName={0})",
"GroupSearchFilter": "(member={0})",
"UseSsl": true,
"SkipCertificateValidation": false,
"ConnectionTimeout": 30,
"CacheTimeoutSeconds": 300
}
}
}
}
}
}
Pure LDAP Backend (OpenLDAP, 389 DS, etc.)¶
{
"Cesivi": {
"Identity": {
"Providers": {
"NTLM": {
"Enabled": true,
"Priority": 100,
"Backend": "LDAP",
"ActiveDirectory": {
"Server": "ldap://openldap.example.com:389",
"BaseDN": "dc=example,dc=com",
"ServiceAccount": "cn=admin,dc=example,dc=com",
"ServiceAccountPassword": "admin-password",
"UserSearchFilter": "(uid={0})",
"GroupSearchFilter": "(memberUid={0})",
"UseSsl": false,
"CacheTimeoutSeconds": 300
}
}
}
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
Enabled |
bool | false |
Enable NTLM provider |
Priority |
int | 100 |
Provider priority |
Backend |
string | Configuration |
Backend type: Configuration, ActiveDirectory, AD, LDAP |
Configuration Backend Options:
| Option | Type | Description |
|---|---|---|
Users[].Username |
string | Login name (without domain) |
Users[].Domain |
string | Domain/workgroup name |
Users[].DisplayName |
string | Full display name |
Users[].Email |
string | Email address |
Users[].Groups |
string[] | Group memberships |
ActiveDirectory/LDAP Backend Options:
| Option | Type | Default | Description |
|---|---|---|---|
Server |
string | ldap://localhost |
LDAP server URI |
BaseDN |
string | required | Base DN for searches |
ServiceAccount |
string | null | Service account DN (null = anonymous bind) |
ServiceAccountPassword |
string | null | Service account password |
UserSearchFilter |
string | (sAMAccountName={0}) |
User search filter ({0} = username) |
GroupSearchFilter |
string | (member={0}) |
Group search filter ({0} = user DN) |
UseSsl |
bool | false |
Enable SSL/TLS |
SkipCertificateValidation |
bool | false |
Skip SSL cert validation (dev only!) |
ConnectionTimeout |
int | 30 |
Connection timeout (seconds) |
CacheTimeoutSeconds |
int | 300 |
Cache TTL (0 = disabled) |
See: NTLM Setup Guide
AcceptAll Provider¶
{
"Cesivi": {
"Identity": {
"Providers": {
"AcceptAll": {
"Enabled": true,
"Priority": 1000,
"DefaultUsername": "SHAREPOINT\\administrator"
}
}
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
Enabled |
bool | true |
Enable AcceptAll provider |
Priority |
int | 1000 |
Provider priority (lowest = fallback) |
DefaultUsername |
string | SHAREPOINT\administrator |
Default identity for unauthenticated requests |
⚠️ Warning: Only use AcceptAll for development/testing!
Cache Configuration¶
Cesivi uses multiple specialized caches for performance.
{
"Cesivi": {
"Cache": {
"CamlParse": {
"MaxEntries": 2000,
"MaxSizeMB": 10,
"DefaultExpirationMinutes": 30
},
"CamlResult": {
"MaxEntries": 1000,
"MaxSizeMB": 50,
"DefaultExpirationMinutes": 5
},
"Reflection": {
"MaxEntries": 50000,
"MaxSizeMB": 20
},
"ObjectPath": {
"MaxEntries": 1000,
"MaxSizeMB": 10,
"DefaultExpirationMinutes": 10
},
"DirectoryScan": {
"MaxEntries": 500,
"MaxSizeMB": 5,
"DefaultExpirationMinutes": 15
},
"Generic": {
"MaxEntries": 10000,
"MaxSizeMB": 100,
"DefaultExpirationMinutes": 30
}
}
}
}
| Cache | Purpose | Default MaxEntries | Default MaxSizeMB |
|---|---|---|---|
CamlParse |
Parsed CAML query cache | 2000 | 10 |
CamlResult |
CAML query result cache | 1000 | 50 |
Reflection |
Reflection metadata cache | 50000 | 20 |
ObjectPath |
CSOM object path cache | 1000 | 10 |
DirectoryScan |
File system directory cache | 500 | 5 |
Generic |
General-purpose cache | 10000 | 100 |
Cache Entry Options:
| Option | Type | Description |
|---|---|---|
MaxEntries |
int | Maximum number of cache entries |
MaxSizeMB |
int | Maximum cache size in megabytes |
DefaultExpirationMinutes |
int | Default entry expiration time |
Session Management¶
{
"Cesivi": {
"Session": {
"IdleTimeoutMinutes": 30,
"CleanupIntervalMinutes": 5,
"MaxSessionCount": 1000,
"MaxIdentityCacheEntriesPerSession": 1000,
"MaxObjectCacheEntriesPerSession": 500,
"MemoryPressureThresholdMB": 500,
"EnableLruEviction": true
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
IdleTimeoutMinutes |
int | 30 |
Session idle timeout |
CleanupIntervalMinutes |
int | 5 |
Session cleanup interval |
MaxSessionCount |
int | 1000 |
Maximum concurrent sessions |
MaxIdentityCacheEntriesPerSession |
int | 1000 |
Identity cache entries per session |
MaxObjectCacheEntriesPerSession |
int | 500 |
Object cache entries per session |
MemoryPressureThresholdMB |
int | 500 |
Memory threshold for aggressive cleanup |
EnableLruEviction |
bool | true |
Enable LRU cache eviction |
Authentication (Legacy)¶
Legacy authentication settings (use Identity Providers instead for new deployments).
{
"Cesivi": {
"Authentication": {
"AcceptAllCredentials": true,
"AllowAnonymous": true,
"EnableNTLM": true,
"EnableJWT": true,
"EnableBasic": true
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
AcceptAllCredentials |
bool | true |
Accept any credentials (dev only!) |
AllowAnonymous |
bool | true |
Allow anonymous requests |
EnableNTLM |
bool | true |
Enable NTLM authentication |
EnableJWT |
bool | true |
Enable JWT Bearer authentication |
EnableBasic |
bool | true |
Enable Basic authentication |
Note: These settings are for backward compatibility. Use Identity.Providers for new deployments.
Kestrel/SSL Settings¶
{
"Kestrel": {
"Limits": {
"MaxRequestBodySize": 2147483648
},
"Certificate": {
"Path": "",
"Password": "Passw0rd",
"AllowInvalid": true
}
}
}
| Option | Type | Default | Description |
|---|---|---|---|
Limits.MaxRequestBodySize |
long | 2147483648 |
Max request body size (2GB) |
Certificate.Path |
string | "" |
Path to SSL certificate (.pfx) |
Certificate.Password |
string | "" |
Certificate password |
Certificate.AllowInvalid |
bool | true |
Allow invalid/self-signed certificates |
Logging¶
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Cesivi": "Information",
"Cesivi.Common.Identity": "Debug"
}
}
}
| Level | Description |
|---|---|
Trace |
Most verbose, every operation |
Debug |
Debugging information |
Information |
General operational info |
Warning |
Warnings and potential issues |
Error |
Errors only |
Critical |
Critical failures only |
None |
Disable logging |
Useful Debug Settings:
{
"Logging": {
"LogLevel": {
"Cesivi.Common.Identity": "Debug",
"Cesivi.Common.Identity.Ntlm": "Debug",
"Cesivi.Services.Csom": "Debug"
}
}
}
Plugins¶
{
"Cesivi": {
"Plugins": [
{
"Name": "MyCustomPlugin",
"Assembly": "MyCompany.Cesivi.Plugins.dll",
"Enabled": true,
"Config": {
"CustomSetting": "value"
}
}
]
}
}
See: Plugin Guide
Complete Example¶
Full appsettings.json with all options:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning",
"Cesivi": "Information"
}
},
"AllowedHosts": "*",
"Kestrel": {
"Limits": {
"MaxRequestBodySize": 2147483648
},
"Certificate": {
"Path": "",
"Password": "",
"AllowInvalid": true
}
},
"Cesivi": {
"DataRootPath": "./MockData",
"LogPath": "./MockData/Logs/Server",
"HostName": "localhost",
"UseHttps": false,
"HttpPort": 5000,
"HttpsPort": 5001,
"StorageProvider": "FileSystem",
"SqlitePath": "",
"LiteDbPath": "",
"SearchEngine": "TfIdf",
"Identity": {
"Providers": {
"OAuth2": {
"Enabled": false,
"Priority": 50,
"Authority": "http://localhost:8080",
"Audience": "cesivi",
"ValidateIssuer": true,
"ValidateAudience": true,
"ValidateLifetime": true,
"ClaimMappings": {
"Username": "preferred_username",
"Email": "email",
"DisplayName": "name"
}
},
"NTLM": {
"Enabled": false,
"Priority": 100,
"Backend": "Configuration",
"Users": [
{
"Username": "administrator",
"Domain": "SHAREPOINT",
"DisplayName": "SharePoint Administrator",
"Email": "admin@sharepoint.local",
"Groups": ["Administrators"]
}
],
"ActiveDirectory": {
"Server": "ldap://localhost",
"BaseDN": "",
"ServiceAccount": null,
"ServiceAccountPassword": null,
"UserSearchFilter": "(sAMAccountName={0})",
"GroupSearchFilter": "(member={0})",
"UseSsl": false,
"SkipCertificateValidation": false,
"ConnectionTimeout": 30,
"CacheTimeoutSeconds": 300
}
},
"AcceptAll": {
"Enabled": true,
"Priority": 1000,
"DefaultUsername": "SHAREPOINT\\administrator"
}
}
},
"Session": {
"IdleTimeoutMinutes": 30,
"CleanupIntervalMinutes": 5,
"MaxSessionCount": 1000,
"MaxIdentityCacheEntriesPerSession": 1000,
"MaxObjectCacheEntriesPerSession": 500,
"MemoryPressureThresholdMB": 500,
"EnableLruEviction": true
},
"Cache": {
"CamlParse": {
"MaxEntries": 2000,
"MaxSizeMB": 10,
"DefaultExpirationMinutes": 30
},
"CamlResult": {
"MaxEntries": 1000,
"MaxSizeMB": 50,
"DefaultExpirationMinutes": 5
},
"Reflection": {
"MaxEntries": 50000,
"MaxSizeMB": 20
},
"ObjectPath": {
"MaxEntries": 1000,
"MaxSizeMB": 10,
"DefaultExpirationMinutes": 10
},
"DirectoryScan": {
"MaxEntries": 500,
"MaxSizeMB": 5,
"DefaultExpirationMinutes": 15
},
"Generic": {
"MaxEntries": 10000,
"MaxSizeMB": 100,
"DefaultExpirationMinutes": 30
}
},
"Authentication": {
"AcceptAllCredentials": true,
"AllowAnonymous": true,
"EnableNTLM": true,
"EnableJWT": true,
"EnableBasic": true
},
"Plugins": []
}
}
See Also¶
- Identity Providers Overview
- OAuth2 Setup Guide
- NTLM Setup Guide
- Storage Providers Guide
- Plugin Guide
- Logging Configuration
Last Updated: 2025-12-01